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Summary of the prosecution 

2Q This application is the U.S. National Stage of PCT/USOO/13128. A Demand for an 
International Preliminary Examination viid&t PCX Chapter II was made in this application and 
claims 1-13 submitted for examination were found to meet the requirements of PCT Article 
33(2-4). The Application entered the National Stage on 5/21/02 and Examiner mailed a first 
Office action on 6/21/06. In that Office action, Examiner objected to claims 6-8 under 37 

25 C.F.R. 1.75(c) because of failure to use the proper form in specifying multiple dependencies 
and rejected claims 1-13 under $5 U SC. 102(b) as anticipated by US SN 5,778,071, Caputo, et 
al., Pocket encrypting and authenticating communications device ? issued 7/7/98., henceforth 
"Caputo". Applicants amended their claims 6-8 to overcome the objection to claims 6-8 and 
traversed the rejection under 35 U.S.C. 102(b). As part of the traversal, Applicants called 

30 Examiner's attention to three references which were cited but not applied by Examiner but are 
in feet more relevant to Applicants' claims than Gaputo. Among these references was U.S. 
Patent 6,668,325, Collberg, et al., Qbfuscation techniques for enhancing software security*, 
issued Dec. 23. 2003 and claiming priority from a New Zealand patent application filed June 9, 
1997 (henceforth "Collberg"). Applicants cited the published PCT application WO99/0815, 

35 which is based on the New Zealand application, in their Description of related art 

Examiner mailed a second non-final Office action in the above application on Dec. 19, 2006 in 
which he persisted in his rejection of claims 6-8 as amended under 37 CFR 1. 75(c) and 
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rejected claims 1-13 under 35 U S. C 102(e) as anticipated by Collberg. Applicants are 
traversing both the ob^ecti 1.75(c) and the rejections urieler 35 U.S.C. 

103(e). 

5 Traversal 

Tk& ob/ecii ons to claims ' 0^ 8 

These claims are multiply-dependent. As amended in Appli cants' response of October 20, 

2006, the language iii tji^e eamfel is tix^Lt; s et is foirth the multiple dependency reads as follows: 

The method of ex ecuting obfu seated code s et forth i n any one of claims 3> 4, or 5 
10 wherein: (emphasi s addedj) 

MPEP 680 l(n) sets forth the requirements for multiply-dependent claims It currently reads as 
follows: 

Thus >S ILS-C. 112 ^ 
claims -m ^p^Ec^i&bm. filedt mi m& afler iamory '24; 
.!#:?$.;..<*$ k^g tliey z\m m ik&Mtem^w& ib^-|e:g. ; > 
:< : A :rn^:dhme: acceding to ctmm 3 m.- : 4, ferther ccssiv 
pAing <Smw&mi^P:. -ct^x^km, (e.g„, "A machine 

15 Appli cants' attorney respectfully submits that the lariguage "in any on e of claims 3 ? 4 f or 5" 
does set forth the multiple dependencies "in the alternative form 11 , as required by MPEP 
680 i(n). Applicants 1 attorney beli eves that the language ;/s"rt"?y£x5rtli; : :tli=e ^miil : 1i.p'l6 dependencies 
in th e : alte:m ^tiv e f or rn as a matter of Engli sh gramm ar and i s cbnfirrned in this belief by the 
fact that he has been writing multiply-^ 27 years ■ ; . niSisri til 6;iit ;. 

20 obj ecti on from the TJSPTQ. 

Traversal of the ruction of claim 1 

Claim 1 is directed to the m ethod of data fiel d obfu sc at page 6 ? line 3 1 through 

page 7 - line 14 and shown at 301 in FIG. 3. As set forth m the claim, the method n obfuscat[es] 

25 executable code th^ U reference including a symbolic object name and a symboli c 

field narhe to r&ference a field containing data". The "first reference" is embodied in the 
person symbolic object name of FIG. 2 and the string and person symbolic field 
names used in FIG. 2 to reference fields containing the person object's data. In FIG. 3, 
person is defined usiixg person object's data. 

30 Li v, the data fields are referenced by array indices, and v is thus an : embo^ment of the 
"second reference that references the field by the defined object's name and the field as 

2 
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required by the defined obj ect 11 A pe rs on object is new created by creating an instance of 
the array v that has two elernents, one for e ach of &e too van (305), arid then using the 
inde^ of the variable's eU array to refer ence the van abl e's elements , as shown at 

307 and 309: 

5 

The ci os est Col lb erg c orne s to any of thi sis col .24 , 1 in es 53-60; whi ch r e ads as foil ow s: 

V. 

\wmbk:* > Im; ^^?fk, ihc-n xtemmsi typ^ c>l: Wv <^.n .W 
>cfe$ i\ >^ i?s ^ii^h^r $n ili-o s$5te5^n<-<: Hfex'ss: d)y my 
&i ihix iyjvs* Kit \ : . . . . V c . 

In this, tf an sf orm ati on, th e variabl e s simp! y be come elements of th e array , there is no noti on of 

using the technique to obfuscate the relationship between an object and its fields, and 

10 con sequent! y no thing 1 ike the cl aim e d st eps of 

defining ari obj ect ^ by a symboli c fiel d name; 

and 

repi acing th e first refer en ce with a s econd referen ce th at refer en ces the 
field by the defined Object's: h 

15 

B ecause that is the ease, Col lb erg does not show all of the limitations of claim 1 and the 
rejection i s wi th out foundation .: 

7}m&rsai :<tf £^ of clai m 2 

20 Claim 2 is directed to an obfuscation method that may be us ed with code written in languages 

such as Java that have reflection. A.s set forth beginning at page 8, line 16 lang;u^ges that have:. 

reflection have mechanisms for returning inform classes at run time. 

In Jav a, the m e ch ani srn is methods i n th e Java system cl as s e s th at return class inform ati on 

about Java objects. A method for using reflection for obfuscation is described beginning at 
25 p ag e 8, li n e 3 1 and i llu st r at e d at FIG. 5; 

Collberg says nothing at all about Java's reflection mechanism. This is apparent from, the 
results of a Lenis sear ch on patno= ( 6/ 668 , 325) and ( r efleet i ) , set up to displ ay 
2 5 words one ach si de of the s e ar ch term . What it return ed was the foil owing : 

30 
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...low execution time penalty should be favored. This latter point is 
accomplished by selecting transformations that maximize potency and resilience, 
and minimize cost. 

5 An obfuscation priority is allocated to a source code object. This will reflect 

how important it is to obfuscate the contents of the source code object. For example, 
if a particular source code object contains highly sensitive proprietary material, then 
the obfuscation priority will be high. An execution ... 

...AcceptCost. 

10 c) An updated obfuscation priority mapping I. 

d) A Boolean return value which is TRUE if the termination condition has been 
reached. 

The Done function serves two purposes. It updates the priority queue I to reflect 
the fact that the source code object S has been obfuscated, and should receive a 
15 reduced priority value. The reduction is based on a combination of the resilience and 

potency of the transformation. Done also updates Reqobf and AcceptCost, and 
determines whether the termination condition has been ... 

As will be immediately apparent from the search results, the term "reflect" is not used in 
20 Collberg to refer to the Java reflection mechanism. Since that is the case, Collberg does not 
disclose the limitations of claim 2 and therefore does not anticipate it. 



Traversal of the rejection of claims 3-12 

These claims all concern methods of using encryption to obfuscate constructs whose 
25 definitions are external to the executable code. In Java, the constructs that are defined in Java 
system classes are constructs which are external to the executable code. In claim 11, such 
constructs are set forth as "constructs belonging to an execution environment in which the 
executable code will execute". The claimed methods are supported by the description which 
begins at page 9, line 26 and by FIG. 6. 

30 

Collberg discloses no more about using encryption to obfuscate Java system constructs than he 
does about using reflection to obfuscate. A Lexis search on patno= ( 6, 668 r 325 ) and 
(encrypt! ), set up to display 25 words on each side of the search term, returned the 
following: 
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SUMMARY: 

...structures, abstractions, and organization of the code. 

5 Software patents provide more comprehensive protection. However, it is 

clearly an advantage to couple legal protection of software with technical 
protection. 

Previous approaches to the protection of proprietary software have either 
used encryption-based hardware solutions or have been based on simple 
10 rearrangements of the source code structure. Hardware-based techniques are 

non-ideal in that they are generally expensive and are tied to a specific 
platform or hardware add-on. Software solutions ... 

DRWDESC: 

15 ...providing software security by (a) server-side execution and (b) partial 

server-side execution; 

FIGS. 4a and 4b show techniques for providing software security by (a) 
using encryption and (b) using signed native code; 

FIG. 5 shows a technique for providing software security through 
20 obfuscation; 

FIG. 6 illustrates the architecture of an example of an obfuscating tool 
suitable for ... 

DETDESC: 

25 ...locally on the user's site, and a private part (that contains the algorithms 

that Alice wants to protect) that is run remotely, for example, as shown in 
FIG. 3b. 

Another approach would be for Alice to encrypt her code before it is 
sent off to the users, for example, as shown in FIG. 4a. Unfortunately, this 
30 only works if the entire decryption/execution process takes place in 

hardware. Such systems are described ... 

...available deobfuscation algorithms, and (c) the amount of resources 
(time and space) available to the deobfuscator. Ideally, we would like to 
mimic the situation in current public-key cryptosy stems, in which there is a 
35 dramatic difference in the cost of encryption (finding large primes is easy) 

and decryption (factoring large numbers is difficult). We will see that there 
are, in fact, obfuscating transformations that can be applied in polynomial 
time but which require exponential time to ... 

...FIG. 31. For an overview of the opaque constructs that have been 
40 discussed above, see FIG. 32. However, the present invention should not be 

limited to the exemplary transformations and opaque constructs discussed 
above. 
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11.1 The Power of Obfuscation 
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Encryption and program obfuscation bear a striking resemblance to each 
other. Not only do both try to hide information from prying eyes, they also 
purport to do so for a limited time only. An encrypted document has a 
limited shelf-life: it is safe only for as long as the encryption algorithm itself 
5 withstands attack, and for as long as advances in hardware speed do not 

allow messages for the chosen key-length to be routinely decrypted. The 
same is true for an ... 

As is clear from the description of FIG. 4a at col. 9, lines 55-67, what is described there is the 
10 technique of simply encrypting all of the downloaded code. The problem with this technique is 
of course that if the code is decrypted and then executed, it can be reverse engineered by 
simply decompiling it. The other references are simply to decryption generally. Because there 
is no disclosure whatever in Collberg of the use of encryption for obfuscation, the reference 
cannot anticipate claims 1, 9, and 1 1. Further, the additional limitations of dependent claims 4- 
15 8 and 10 all involve encryption, and are consequently patentable in their own rights over 
Collberg. Claim 13 is a dependent Beauregard claim, and as such, its patentability depends 
completely on the patentability of the claims it is dependent from. As just pointed out, each of 
claims 1, 2, 3, 9, and 1 1 is patentable, and consequently so is claim 13. 



20 Conclusion 

Applicants have traversed all of Examiner's objections and rejections and have thereby been 
completely responsive to Examiner's Office action of Dec. 19, 2006 as required by 37 C.F.R. 
1.111(b) and respectfully request that Examiner continue with his examination as provided by 
37 C.F.R. 1.111(a). No fees are believed to be required for this response. Should any be, 
25 please charge them to Deposit Account #501315. 



Respectfully submitted, 
/Gordon E. Nelson/ 

30 Attorney of record, 

Gordon E. Nelson 
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Rowley, MA, 01969, 
Registration number 30,093 
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